All attacks in this repo work at least in this version.
- tcache (per-thread cache) is introduced (enabled in ubuntu-build since 2.27)
- See tukan.farm for a short overview
- unlink(AV, P, BK, FD)
  - Add size consistency check:
    if (__builtin_expect (chunksize(P) != prev_size (next_chunk(P)), 0))
      malloc_printerr ("corrupted size vs. prev_size");
- malloc_consolidate(mstate av)
  - Add size check when placing chunks into fastbins:
    unsigned int idx = fastbin_index (chunksize (p));
    if ((&fastbin (av, idx)) != fb)
      malloc_printerr ("malloc_consolidate(): invalid chunk size");
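The two checks above, as an added example that is not code from glibc or from this repo: a C model of the chunk header and of the two comparisons, evaluated against a constructed two-chunk heap. The `struct chunk`, the `chunksize`/`next_chunk`/`prev_size`/`fastbin_index` helpers and the `demo_*` scenario functions are simplified re-implementations written for illustration (64-bit layout, SIZE_SZ = 8 assumed), not the allocator's own definitions; they reproduce only the comparison each check performs and report where glibc would abort.

```c
/* Added example, not glibc's or this repo's code: a simplified model of the
 * two 2.26 integrity checks above, evaluated over a constructed heap.
 * Assumes glibc's 64-bit chunk layout: [prev_size][size|flags][user data].
 * Only the comparison logic is modelled, not the allocator itself. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIZE_SZ    8
#define PREV_INUSE 0x1
#define SIZE_BITS  0x7   /* PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA */

/* Model of glibc's malloc_chunk header. prev_size is only valid while the
 * previous chunk is free, which is the state unlink() works on. */
struct chunk {
    size_t prev_size;
    size_t size;
};

static size_t chunksize(const struct chunk *p) {
    return p->size & ~(size_t)SIZE_BITS;
}

static const struct chunk *next_chunk(const struct chunk *p) {
    return (const struct chunk *)((const uint8_t *)p + chunksize(p));
}

static size_t prev_size(const struct chunk *p) {
    return p->prev_size;
}

/* Mirrors glibc's fastbin_index(): size in 16-byte units, minus 2, so the
 * smallest chunk (0x20 bytes) maps to bin 0. */
unsigned int fastbin_index(size_t sz) {
    return ((unsigned int)sz >> (SIZE_SZ == 8 ? 4 : 3)) - 2;
}

/* unlink() check: the size P records for itself must equal the prev_size the
 * following chunk records for it. 1 = consistent, 0 = glibc would abort with
 * "corrupted size vs. prev_size". */
int unlink_size_consistent(const struct chunk *P) {
    return chunksize(P) == prev_size(next_chunk(P));
}

/* malloc_consolidate() check: a chunk taken out of fastbin `bin_idx` must
 * have a size that maps back to that same bin. 1 = consistent, 0 = glibc
 * would abort with "malloc_consolidate(): invalid chunk size". */
int consolidate_size_consistent(const struct chunk *p, unsigned int bin_idx) {
    return fastbin_index(chunksize(p)) == bin_idx;
}

/* Constructed heap: chunk A (0x20 bytes, free) at offset 0, chunk B at
 * offset 0x20. `b_prev_size` is what B's header says about A; it is only
 * consistent when it equals A's real size. */
int demo_unlink(size_t b_prev_size) {
    struct chunk heap[4];             /* 4 * 16 bytes, contiguous */
    memset(heap, 0, sizeof heap);
    heap[0].prev_size = 0;
    heap[0].size = 0x20 | PREV_INUSE; /* nothing precedes A */
    heap[2].prev_size = b_prev_size;  /* written into B when A was freed */
    heap[2].size = 0x30;              /* PREV_INUSE clear: A is free */
    return unlink_size_consistent(&heap[0]);
}

/* Constructed fastbin chunk whose size field is `size_field` (flags
 * included), claimed to have come from bin `bin_idx`. */
int demo_consolidate(size_t size_field, unsigned int bin_idx) {
    struct chunk p = { 0, size_field };
    return consolidate_size_consistent(&p, bin_idx);
}

int main(void) {
    printf("unlink, B.prev_size == 0x20: %s\n",
           demo_unlink(0x20) ? "ok" : "corrupted size vs. prev_size");
    printf("unlink, B.prev_size == 0x30: %s\n",
           demo_unlink(0x30) ? "ok" : "corrupted size vs. prev_size");
    printf("consolidate, 0x20 chunk from bin 0: %s\n",
           demo_consolidate(0x21, 0) ? "ok" : "invalid chunk size");
    printf("consolidate, 0x40 chunk from bin 0: %s\n",
           demo_consolidate(0x41, 0) ? "ok" : "invalid chunk size");
    return 0;
}
```

The second scenario in each pair is the case the check exists for: a header whose stated size no longer agrees with the neighbouring metadata (or with the bin it was filed under), which glibc 2.26 now turns into an immediate abort instead of silently trusting the field.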